| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 25 Sep 2015 16:54:52 +0100
From: David Howells <dhowells@...hat.com>
To: jmorris@...ei.org
cc: dhowells@...hat.com, dwmw2@...radead.org, pmatouse@...hat.com,
arjan@...ux.intel.com, apw@...onical.com, vlee@...pensource.com,
keyrings@...r.kernel.org, linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [GIT PULL] Miscellaneous keyrings and modsign fixes
Hi James,
Can you pass these changes on to Linus? There are four:
(1) Fix a potential race between keyring destruction and keyring lookup by
name.
(2) Remove unneeded headers from extract-cert.c, at least one of which will
prevent it from compiling if the openssl libs are too old.
(3) Don't strip leading zeros from the key ID when using it to construct a
key description lest this make the key not match.
(4) Downgrade use of CMS-based signatures to PKCS#7-based signatures if the
openssl libs are too old. Note that in this case, you are also limited
to using SHA1 as the pre-1.0.0 openssl libs don't support anything else.
Thanks,
David
---
The following changes since commit ced255c0c5fb9ab52c9465982f23b1c14005ef8b:
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux (2015-09-24 20:14:26 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/keys-fixes-20150925
for you to fetch changes up to 283e8ba2dfde54f8f27d7d0f459a07de79a39d55:
MODSIGN: Change from CMS to PKCS#7 signing if the openssl is too old (2015-09-25 16:31:46 +0100)
----------------------------------------------------------------
Keyrings fixes
----------------------------------------------------------------
David Howells (4):
KEYS: Fix race between key destruction and finding a keyring by name
KEYS: Remove unnecessary header #inclusions from extract-cert.c
X.509: Don't strip leading 00's from key ID when constructing key description
MODSIGN: Change from CMS to PKCS#7 signing if the openssl is too old
Documentation/Changes | 2 +-
crypto/asymmetric_keys/x509_public_key.c | 4 --
scripts/extract-cert.c | 4 --
scripts/sign-file.c | 94 ++++++++++++++++++++++++++------
security/keys/gc.c | 8 +--
5 files changed, 82 insertions(+), 30 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists